General Info

File name

jelma.exe

Full analysis
https://app.any.run/tasks/e00de23f-4309-40e1-933b-541f61aec3d3
Verdict
Malicious activity
Analysis date
11/8/2018, 09:56:49
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

gandcrab

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

6d497a11457912bff6d4b92b5e383037

SHA1

d8e41fdc4acc037ac3f4155321b62e9e14fd9220

SHA256

f6e4a44a1c6bd6a79041746337fbba4e725abb70afb48d676a60dd3ba0c5c65f

SSDEEP

12288:T0HVVyZ0fNuTJHLvpkMPrQ4YVZq3Yu8/Cv9qFe4K:TKHcTFLvprs4YVcIu8sl4K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Connects to CnC server
  • jelma.exe (PID: 3880)
Writes file to Word startup folder
  • jelma.exe (PID: 3880)
Dropped file may contain instructions of ransomware
  • jelma.exe (PID: 3880)
GandCrab keys found
  • jelma.exe (PID: 3880)
Renames files like Ransomware
  • jelma.exe (PID: 3880)
Deletes shadow copies
  • jelma.exe (PID: 3880)
Actions looks like stealing of personal data
  • jelma.exe (PID: 3880)
Creates files like Ransomware instruction
  • jelma.exe (PID: 3880)
Creates files in the user directory
  • jelma.exe (PID: 3880)
Dropped object may contain TOR URL's
  • jelma.exe (PID: 3880)


Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:11:07 22:21:42+01:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
288256
InitializedDataSize:
256000
UninitializedDataSize:
null
EntryPoint:
0x17780
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
5.4.7.366
ProductVersionNumber:
5.4.7.366
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
FileDescription:
Nextstep Textarea Slwcars Seagate Affrdable
CompanyName:
Softplicity
InternalName:
Korn Slves
LegalCopyright:
Softplicity Copyright (c) 2014 - . All rights reserved.
ProductName:
Korn Slves
ProductVersion:
5.4.7.366
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
07-Nov-2018 21:21:42
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
07-Nov-2018 21:21:42
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00046561 0x00046600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.3967
.rdata 0x00048000 0x00012FA6 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.87471
.data 0x0005B000 0x00003D08 0x00001E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.05469
.rsrc 0x0005F000 0x00029940 0x00029A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.59437
Resources
1

28

190

230

2065

2066

2067

2068

2069

2070

3989

4077

4078

4079

4104

4214

30734

32500

AQUA_IDB_OFFICE2007_RIBBON_BTN_PAGE_L

AQUA_IDB_OFFICE2007_RIBBON_BTN_PAGE_R

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    WINSPOOL.DRV

    COMDLG32.dll

    ADVAPI32.dll

    SHELL32.dll

    ole32.dll

    OLEAUT32.dll

    ODBC32.dll

    WS2_32.dll

    PSAPI.DLL

    MSVFW32.dll

    AVIFIL32.dll

    SHLWAPI.dll

    COMCTL32.dll

    RPCRT4.dll

    UxTheme.dll

Exports

    No exports.

Processes

Total processes
35
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

start → jelma.exe (#GANDCRAB) → wmic.exe (no specs)

Process information

PID
3880
CMD
"C:\Users\admin\AppData\Local\Temp\jelma.exe"
Path
C:\Users\admin\AppData\Local\Temp\jelma.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Softplicity
Description
Nextstep Textarea Slwcars Seagate Affrdable
Version
Modules
Image
c:\users\admin\appdata\local\temp\jelma.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
1392
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
jelma.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

Registry activity

Total events
125
Read events
94
Write events
31
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\ex_data\data
ext
2E007200650064006F0064000000
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASAPI32
EnableFileTracing
0
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASAPI32
EnableConsoleTracing
0
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASAPI32
FileTracingMask
4294901760
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASAPI32
ConsoleTracingMask
4294901760
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASAPI32
MaxFileSize
1048576
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASAPI32
FileDirectory
%windir%\tracing
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASMANCS
EnableFileTracing
0
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASMANCS
EnableConsoleTracing
0
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASMANCS
FileTracingMask
4294901760
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASMANCS
ConsoleTracingMask
4294901760
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASMANCS
MaxFileSize
1048576
3880
jelma.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jelma_RASMANCS
FileDirectory
%windir%\tracing
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3880
jelma.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3880
jelma.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
280
Text files
211
Unknown types
6

Dropped files

PID
Process
Filename
Type
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 775e85f54581531a5d634f0f6fd43b9f
SHA256: 3437b32b2065804a3d2a5db05981ddc63c8df7321a3dc826f8cf6cbfd0a32498
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 188cdf1e4b9cbdfa71ec4dcf634e1dd7
SHA256: 2824cdeacad776c9fcf1f42c17b597213707fa51b4394e84d7079909f454e58c
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 22f75ed98bc2e398d4ca5fb5931cf463
SHA256: dda890873069e9ef077184c0cc2d5e9a23ca24641c247e0787e4e3e940a06987
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\Tar2D55.tmp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\Cab2D54.tmp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 54e559cef8146fe9aa8b5ba30ca4f6aa
SHA256: 9c086d962c942cff645dbd48b700191e96e3371b3d006e4eb3c7ac3c842057c9
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\Tar2C97.tmp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\Cab2C96.tmp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\Tar2C57.tmp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\Cab2C46.tmp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: a854ed4227bacf7a8c865323d9ce1378
SHA256: 7bee04789e359d1eeac4eeb56f3465658e110670920a6dfc5aacb7e9ff93ec96
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 9bc9c04c4064abb38d8d0bf88025cc3d
SHA256: ac9579dab0688880956cc4145ce83816b44dc9a3552d691a867fb3f2bb974412
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 2ac6971c83326512370fcd65694bbcda
SHA256: 8d4b8d7d002589359149c82dc755945acb379ae6fe262c266749625af6f94240
3880
jelma.exe
C:\Users\admin\AppData\Local\Temp\pidor.bmp
image
MD5: d7ac37e11d7796ebbe9ac0d0f65ba2cf
SHA256: 84912d65df94b35ef91c678c2fe5a35b81acb35f168261290bd6d3f76fb8db49
3880
jelma.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Videos\Sample Videos\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.redod
binary
MD5: fcd841a07a32718934ff35e14487725c
SHA256: 5804ba08b41672d79fa524302c1a8a1094cd6ef070f42e5f5009e4fb98fb4662
3880
jelma.exe
C:\Users\Public\Recorded TV\Sample Media\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Recorded TV\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.redod
binary
MD5: fb8f9835dddce330ee493872a0cdfb1b
SHA256: dbfd3c171d73ac50d7338109c63cc5d373b749d787721c266140f8266151b141
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.redod
binary
MD5: 264189b624da63c92492ae90c074281e
SHA256: fa56be758424dd2590a50e0a92d8988ad06b2956ddad42c3b5c1f54c1373f086
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.redod
binary
MD5: fe2cee7a8e9270c7367681af37dce621
SHA256: 79e993d9a56fe22b3615b36aa1a54b38397dd1116fc3c86f7e382fe4f8ba7fc4
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.redod
binary
MD5: 23e36931fa343c0681b0d2169b419b1e
SHA256: 0e5be27b9dc7ed645b4912eeffd94c6b29715f2dc290e89fb8c0f72b3f42951a
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.redod
binary
MD5: 859e4c1c73259a03f63cae243648d7ce
SHA256: 5ee03f377c4cd21602241b37bb576aae0e96940efefe2e0b3ec90f84dc8cc781
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.redod
binary
MD5: e978982b43db22298662f3337d4913de
SHA256: 9aba45a01624e6426f1ffe2bf4313f54babee694e0201844640d833e307437eb
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.redod
pi
MD5: fd9384e06c839c9a697d76b30f6ef4f2
SHA256: 1bff8ec788c14c5c0fb0f3b51a9b0c860ad8b63f8b41b7854fa167725178024a
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Pictures\Sample Pictures\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.redod
binary
MD5: 1a2b3a7d4fa1b6cb4c2c4347bc3f351d
SHA256: 682a762f9f74a35527cf5862a9d872e96ee9640f0f3c52ea28c599604b4d4c4b
3880
jelma.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.redod
binary
MD5: 1bb3c51b9bfcd99ecbbff9fecd4e5116
SHA256: 4a3de9700e2a5a719995994961e7c5b211c1f976476897462e12d83f593344ea
3880
jelma.exe
C:\Users\Public\Music\Sample Music\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\Public\Videos\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Pictures\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Favorites\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Downloads\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Documents\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Libraries\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\Public\Music\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\Saved Games\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\Pictures\updatespresent.jpg.redod
binary
MD5: 885c4889a30fec9ad2ef214975f7e314
SHA256: 9860bbc369abba72adc69d08f24907907df150d0c6082aaedc7455c09522c29e
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.redod
binary
MD5: 9d11ecd600ee84ed2db19460c80085d2
SHA256: 78cdb108e996bc41d27032cbb4a2f7e2d1581365e5bd88c23827dcaa7bb8831a
3880
jelma.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.redod
binary
MD5: 6726192e4b825e86e263e59dfce125f8
SHA256: ef71787aa7ca7068a457ac012da1d1f37ddf4300d8d6763b0c88ad70d14a01f5
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\Searches\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\Pictures\thereforestudents.png.redod
binary
MD5: 0b83624537bc5508108b6282148f9c72
SHA256: 78510e188cac7715e2aec3625915246c567fa0f0ff823cc582bc10f8ad175de8
3880
jelma.exe
C:\Users\admin\Pictures\mongood.jpg.redod
binary
MD5: fc3ee4f843e6e63f940d729c0b6fccf4
SHA256: 61eaf3156302475ed654c71bc2b9994548118155faa95c0b1dd5fbc7f371f783
3880
jelma.exe
C:\Users\admin\Pictures\updatespresent.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\Pictures\thereforestudents.png
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\Pictures\ensurecalendar.jpg.redod
binary
MD5: 77b6c7750e1822c2b7e749bb0058a2ef
SHA256: d5647de4155f484dd19eef4858bba1efe8c9f0ef24601ba92344d5753fb40d62
3880
jelma.exe
C:\Users\admin\Pictures\mongood.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\Pictures\ensurecalendar.jpg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\Pictures\createdarticle.jpg.redod
binary
MD5: 0ed1ab080ee1c8b633b02f0931ce3162
SHA256: b1c1562986f0971126a13c4f913444f995db91129de7361f017309dc41605929
3880
jelma.exe
C:\Users\admin\Pictures\cyes.png.redod
binary
MD5: b41f07b7fb1a40c5d5f47f922c5a1b91
SHA256: 4e23ddea9f12ffc14a7b1bd8e7b2366228623c70c21f2a395d82d13b8f25e9a0
3880
jelma.exe
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.redod
binary
MD5: ade3c82dfede72cfb99c8e98a6710489
SHA256: 36d23fa085bdf246c130433a757b4ca8160cd747a55bbc092740e5880ca96634
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.redod
binary
MD5: d7f364dcfbe7e883560b1280fa1955a9
SHA256: 8516f25a69270296c67e9fa6009d52b2ce168665b2ff81fa9ea8489aa52d12fb
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.redod
binary
MD5: 483cd4a1f1b5b4bccf7fe11df3b54ced
SHA256: 08c18b53353adf426f8802b2f729e68a52f501b71a2727c4ce826746d4efe772
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.redod
binary
MD5: 855da60a96dd8f934c9c54c7521e54a3
SHA256: f2ef43cd0d9077cd515b3ec6e77f87cc566bb9f2ddbaed5a937fff06e719eb8b
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.redod
binary
MD5: 1d6892aa252093202c31b97161a5a2f1
SHA256: 94eef789d4510f83739b17f650cffeb826112fe9b7a25ba0ef32d931de581a28
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.redod
binary
MD5: 8ab2e14c1e399c1e147b346c868d0dd3
SHA256: 79c0cabbe5624cb6ff8bb57b8dd5694b1ae3bbf07514b296ef1aa40400f80213
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.redod
binary
MD5: 5fdc6b1bab4524c71036d168060a7dab
SHA256: 9cdf9829d121a77c3ecb4252f4169664ae73821ba38806abde818ec260001af9
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.redod
binary
MD5: fb74a8ce20425dbb7f533a7ec488e125
SHA256: 6747d73b7cc06853f998cbb554f4665025ad3ae70f06a8a97d86d5bd56d2be89
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.redod
binary
MD5: 657f9591b352d09fc36d53e95a67d154
SHA256: ca4105d7f54d4e970cd518df4a5ecd9c371a69a6a0dd8e963816c08385c4e93a
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.redod
binary
MD5: a17d2d343cd539d7c584988f65765138
SHA256: 481a27c70bfd0b8acbf529441075d3cebdc9f1e0076a48476e356927103f7521
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.redod
binary
MD5: c7125978c173a7689a4f893561892197
SHA256: 424d44a828df5cc36d60beb841365d05f3a5e24a77fa4f77bf2e8a6ae31efad0
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.redod
binary
MD5: ee6a1ac688af0e9225ecfb31e7d1e82a
SHA256: 6cbcf79c694a39cc12671eb2aa3eea87e7c92012ae6d8898f0d21939bd5fe511
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.redod
binary
MD5: a4072529a550d61fb3b648947a2c01f8
SHA256: 46941a44cd9dfa27d65fabf30963464127268ca4266919c870c6f9ced84bafa4
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.redod
binary
MD5: fe81155a3773bd3d58312293d27ff6ce
SHA256: 192212bec9920ffc918a676d1279e1138b93ef597a38a4bc94a9fed996d4844e
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.redod
binary
MD5: 969a589c1825888ae52c2cdd5a7b4fd5
SHA256: 833028fb0134f3f27ea7f788b0d56dd6f15ed76a72e6fbeb0ee48143ca253369
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.redod
binary
MD5: f29a8a5466c50d84b99f2f4e2b605f79
SHA256: 4518124398bc8e8ff08ac6e0ead469c6e94d3be5123b2dd8b4f48eff29dd84e3
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.redod
binary
MD5: 0cb0505ef925781194adc0ef74fb12b4
SHA256: 7d660f8d1855fadd6428c597d683812cc9402c9cdf4089a1541b53808deaf093
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Notepad++\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.redod
binary
MD5: 2f3491e6f29da6a499a07cdd73488214
SHA256: 939d34ff5b2e830051d770885a71cd43b95d7151412305d405084084da6c8333
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.redod
binary
MD5: 8c274566a6b893a217a23022ce64455f
SHA256: e663996a0e16b876a4896a6fe999e7baec819a63d6d37a752c3f7017bafb3090
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.redod
binary
MD5: 3d3ee74ed83b3463a96bc7ec1269f8c9
SHA256: b9b23a01506955bd2636d3a582fa81552dd9c5770c50725d95ec72e19f2ae80a
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.redod
binary
MD5: 315a9ab0057fe4342577730a300e3e86
SHA256: 75181489bae44bdd92e891dbdd9e0400078e7270126670ff97a1e003b6a55088
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.redod
binary
MD5: 22f1b63eae71c7b69f6f9ca808049019
SHA256: da8291338bde37ed7966c8b1b1588e855b2d0a3b2823e243785e45f4a5b16955
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.redod
binary
MD5: 71756519708bcfbf36195ebcc4bf3d83
SHA256: a6c11682b92d3615bbe6cf25690c89f9038c42ed0fa340d5c1bcf5861c4c7719
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.redod
binary
MD5: c87ec001a8b596c985df9ca3adc94c0f
SHA256: 4303b529a16443dbff07c121165e880134b21d43a00af3f872cbfc184c4d6e4f
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.redod
binary
MD5: 89b68ea7d8a3d03152cf6c16dbe4e84a
SHA256: 786caa09925ed618e1742c24271c1006a99f71ab3ac7828a056deea1ba6a9a10
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.redod
binary
MD5: 68162cee9f9fc1c2c87bb59d8391d2c3
SHA256: c043c9d3cfd220211c30908dbbae64a44cb85ad68649f30a6c3fbd194da68867
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.redod
binary
MD5: 6ef212d2bf87cdc2fd5e7719827f3688
SHA256: c13bcaa4a1507a4102189d72343e53b34ababa9d7d8a39c2256d354cac2b94ba
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.redod
binary
MD5: 189b17a937706a9451c618ba3353c63e
SHA256: 28eac53cbb0fe49c0cbd5743f32ddc869294461d63687ae64dfa63bc2f847e92
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.redod
mp3
MD5: e1ded089ce6f40484865b92cae49f7c1
SHA256: becf00eab9b457696b090ffd6aa7e369856424b9e93c4ea9a581641d311d6f06
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.redod
binary
MD5: e2a3c274c91980be8a46f7ecb7e92aeb
SHA256: 7534568b144d0f4121c7735f1a37377a953d29b8a1bd2a3caecd9d7bb68af8c7
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.redod
binary
MD5: f144121d602d9afbdce83e5af6664b27
SHA256: ee09f262c350920f3e17b53e4c410507219b56077056993e58772858c0a7f9e9
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.redod
binary
MD5: 62f87f52a50ee410b2a21daf56c16516
SHA256: 89026bf3ace8ce175bc628b1493c104b3fd6db107ce0dc332f0350324ca2c9a0
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.redod
binary
MD5: 7cc5ee3f0178f39c3541394d00067121
SHA256: f9de5264239fd2be9775acb6196e2798600176e29d3c964a86d6f6dfe9e6b777
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 0442c13bfdc36c2477b5f7929ec3e6fd
SHA256: 7d49c3952dc75c9ec69c3f2ed4b6d407c64d448036bb6fe745c2e7e6ffa54790
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.redod
binary
MD5: 0d83e61ac0451fdddc8f973f2dc283c4
SHA256: 9d686eabba289e18929e07bb658f44890784a82de19a63577adc3a27c1aa6f12
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.redod
binary
MD5: 76eadbac5c86e5c120d7b5da282d6480
SHA256: ca6bf179d08808efac1882b48edbe3f32159ce65bed6719cb687a85e0d99ab5b
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.redod
binary
MD5: b2bd35eb8cf1bafd4e7cda3f32a0730f
SHA256: 5cad462618cd836a7b1838d33d31d51731693d6a5a648fe6695a0613d299d8af
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.redod
binary
MD5: 93da5855ea2616f842b2e03992551a0a
SHA256: 7abe78a72499e29af5c61742010edc5654f182ed165daafe5c4f7db9e03fcb3e
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.redod
binary
MD5: f98263745375a33f7c6d9edbf9a66769
SHA256: 74a70f9df7c9873cd77902cfdb8e290e0dde5e8ac1b688c5d77554199159aad5
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.redod
binary
MD5: e7b50f2ed3f40dc12449a74f2670f2b7
SHA256: 1fb352a2158102d739148ea162c4d4309736fb7af50d824ed3e15aa998b7dcc8
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.redod
binary
MD5: 3be3f9bef9d4426adfe4b35128d93eff
SHA256: 5eed0fde65d4b52d668f2e5c21f0eca32a6aafaf3a711d78baec1b98a60fc8b9
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.redod
binary
MD5: f11020b07481d1b70b27ebea8faede07
SHA256: 7d2de4f7c21d665792c0421a1adb43ae4ec4c465622665a377fdae92c38863db
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.redod
binary
MD5: 899fedb4a70dd5af1efb19ca1c5c02fe
SHA256: 3d3640487b31be78aa9a9566da8325f0d469db1fe0e73e1d16a2b8cd002cef13
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.redod
binary
MD5: 12df892933fff5d55967a43978bca404
SHA256: 164a6a9ddd3406ed4fbf8748bb1e721cfa33bc33adee8f24835e5fcba9494c58
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.redod
binary
MD5: 49b4ea0944b21febd069b47b8dcb9830
SHA256: bc427987eea0ec034f706a84f0eeaa7c5031735a3ab4e2f07a58971f2084b68a
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.redod
binary
MD5: b28bffb9513959cc830f83862e1c17c0
SHA256: d9d1b4d4d1e6c2142d64c2f9bd476cf3340e508bf2705fc95207eb06c624ed54
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.redod
binary
MD5: a970f51ce402e64bdcfec30c18d40e5e
SHA256: 80382ae2fa92530b2e9efb605a905dfbea82fd26dcc483db4b837d45a1a2f784
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.redod
binary
MD5: d4f1c0b41d6b3251169bda9d76852d14
SHA256: da00581a4a047d74e244c41297a8039eef6273d9fd6384110ebf9ff38cb3d533
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.redod
binary
MD5: 15f96ebe9c438236ff1bb08f7225ac1c
SHA256: 3f9a5e67ee480d617e6b02f360a4ad47c191dc4b370ec9ee133031fe03c99da9
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.redod
binary
MD5: 9e452234c75f9759afbb7f5b9f71f9df
SHA256: e8788f114ae0e290d75ffa4aef218aeea91642a9f09a3ba1623f85bc6667459b
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.redod
binary
MD5: 94b6d238162f5e40fd5c16852898e938
SHA256: b65ea07cb9d493206a3317eab66ab100b2a2d3e40f052aeeffca9163ff4eb927
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.redod
binary
MD5: b453d07236b9bf883e2eaec5c8404660
SHA256: 53154e6adbd1bad9ad205acf3869090681d9efaf1e4f137998573bb4075f5e0e
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
binary
MD5: d5dcfd53021ddd10d0f0e6e6e24d3e1e
SHA256: 870e546e2d146089da3365047b11f3fd2683575751763943623007b9e970ecce
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.redod
binary
MD5: 3e80acf282187a2592d2600310ac0cd0
SHA256: 7c0ce0659fe21352804f1456a97d37a9c784c787c016a1508fdfe6caedecc208
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.redod
binary
MD5: 2e5ebc113d863b88a126915b69efd888
SHA256: 791bfc9e970ede936e0e27c6c25331c98c9603a3a897f420f8d8beea82e32828
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.redod
binary
MD5: d273ff819a6d6167b6c1b98f1a4bc883
SHA256: 02d24f33bf755cdea5b82d866e31f1b073e4e54b767c3fb6bd993457a45dff8a
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.redod
binary
MD5: 07e9768d2fa83f2179febdb36ec2cdb7
SHA256: 55073e75c222467c5f5f9c135affcacf16c1752d59bb2a8df3f89ff95b4eaed7
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.redod
binary
MD5: 1e295640935711442c0116fbb480d1f3
SHA256: 7eb21d20a160366e4b37423570f25509e4e0a82e0047301d789f221e6160b848
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.redod
binary
MD5: 0e1d301c495d2e0a3793c2bb291b5e2c
SHA256: aee3c1352bed7dd41cfdc3fed997e262c462dcca1dfdeb722f30e26e4263cf39
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.redod
binary
MD5: b3d6cb5b50aa5e7f2f1da4e53cf32d36
SHA256: e2320ab596132c3be162c44d74eeb882857a1a15588c1069098b8ffa273406d8
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.redod
binary
MD5: 253948db3ac07a100d27828e87c46797
SHA256: b20d0b57300201b46a8deab6702e12708cee47d6985566257aa09e2554893bb3
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.redod
binary
MD5: 29a3e841aafe46bb57b5e652f9f770f5
SHA256: 647b72a1fa4cc720184387483ece8a8e93e2b871168290c51ad600a6c04727a1
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.redod
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.redod
binary
MD5: 04b0c6aa44a30891c14a2ea60bd84bd0
SHA256: 262013d5cb97ab75b7a36afe85f22da1327b08fb02218cea72608f25da6e3379
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.redod
binary
MD5: 8def1b81f7e1ae0789982ee31c8800b5
SHA256: 623333d73afdf361d15ae8a1a5d6573defa85dbcaff49aed57d659a1cbda066f
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.redod
binary
MD5: d0dd27310be604689e1a7bcacfeb249d
SHA256: cefeba471d357d4be88de8aef01641e9e1ee8dc959c8c02077db6f5e2f245de9
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.redod
binary
MD5: 6e7d24428e2ae7e7e8f8855ed6ca0a9f
SHA256: 0480b848e6704e30bbd10223c14c742a1ca505c53c7ef9e474687e58336c058a
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.redod
binary
MD5: 505b9f68719faa8f0a621b4e996dcca1
SHA256: 6a12b3537666a09a92c26b0398a199cfa0f0990efab92a6bf93a4104040ed36f
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.redod
binary
MD5: 8baa52670dfb8c3a31e6f21e31ed738e
SHA256: aa824244afa93d644186c789643d344338573337393ac1f7782d883de9531b88
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.redod
binary
MD5: 4075663a9b8afd915dfbc075fd78fc89
SHA256: 521567960b7411ccc7cc3f54550418ccbd8596f7a1b90b8e473c1f6b1c69adae
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.redod
binary
MD5: 9966e8c88727646e207cf7ba17180596
SHA256: a15e72f246ff77b69ef6a70d8868de5cdddf929abcf481ec46f4c43df03a381c
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.redod
binary
MD5: bc3371258a6ba431f99206063edefe52
SHA256: 794f2d5af09552ddbea3cf0402f233f781f317653cae1933878af0aaabd3dfb1
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.redod
binary
MD5: 4e461e5f9b9ad6d016ddb344723cd98c
SHA256: 7712ddde9f1178242193cf9d385a7823083144c5949a2dcb29aeb09a906fbbc4
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.redod
binary
MD5: bff9a7da18e595f760b458f9b3349383
SHA256: 3fda86f1afe2bffd748e5ecca9ebc48806cac17fc221f026ce0c21bec0f4f08f
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.redod
binary
MD5: 759aac44dfa669896f7e9503f75c6567
SHA256: 82ea7a7a8f71c3afd2103eb2701f2de18eba6022de5186d9bf11c9e8a3aea5e7
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.redod
binary
MD5: 4ad098833c1a859feaf1f68df793561c
SHA256: c2f44686f10c0a6d438cde30bf23634b680cafcb7cc48361d399b2d2de5c9298
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.redod
binary
MD5: b984ddfa40ccaa75bd75f479690be29d
SHA256: 5dab0891629ef6f24b8ee9e57455687219fa38a1930e2e5942478c24da7f281a
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.redod
binary
MD5: 4479b62f0a9869ec811e8bf9dfd01788
SHA256: 5a904ca500c09a21e327a7ba4ddc9f4c4c3115188e805b20c56d5afd83ed9836
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.redod
binary
MD5: e19c2a42b1420546b6337f7bcb3583c7
SHA256: e082c088a335b2a4441a7a69c6d01152f1b1803eb9e81e8ac40c2c6994bded47
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.redod
binary
MD5: 101048594e534a3166bbda5d9c6b1480
SHA256: db97f2cd0fbbc02ceed50d0f1add4499b2f38dc2bd148d0de67eb672e9e1425b
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.redod
binary
MD5: c9f565765d2e02d28d43c5e0499a1172
SHA256: 38ac6071c3f37d270f7967eb6ed2f2e841224d6eafd43fa72205c24b2fe82fa8
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.redod
binary
MD5: 0f93fe1e3d4af3a1613eacebe28db5bf
SHA256: 49c80990f78f73f74020aaef2f536ae7666e0dc0afea748a1b77d7daf06733ea
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.redod
binary
MD5: 8fa8e10a0088846f8021f65d8f46f58c
SHA256: d48f0359f4dcf8d00d8b2ae9b3d3c64dde1f09c59c03f85b06403364e81a4085
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.redod
binary
MD5: b3d11377c272e64043e96e1eeef9e3bb
SHA256: 7790e41c7a6d53773af9133df1069fc89b8f2bcd3898bb02b935167b2c94d1f6
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.redod
binary
MD5: c8b39b2f4f8242f0f59117a2fad41b9f
SHA256: 0fc38acba4032a5e1d68ad87b5553e6c75e9b4da328212b02ffd020fd9edaefe
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.redod
binary
MD5: 7e4ffb069774a064622c4617adfac586
SHA256: dfdc86fd3ab6dc5b994af475cac3e3dc84c2a6722640d90eb9524d810a8c7150
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.redod
binary
MD5: fae65b2521865bc6bb674106e7972b94
SHA256: e1e552858375b6a7e5600421d423af8e6c293e0a2d1addaa83f2e056bed764a8
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Microsoft\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.redod
binary
MD5: 0286ed588bf4ac4a85c0ef028bf1753f
SHA256: a9cbd9bf0f9cfa8738c9dc29904d106eeec070b5aeb09295370678c3d586b97b
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.redod
binary
MD5: 741b52aad21a957a175131a660b0a21a
SHA256: 7e118a80c1300b44b6aca598b7f208c6bcb853ef52997f6343441a01efd81bf0
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Identities\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.redod
binary
MD5: 01c77016118cc6a014270c9131de0ac9
SHA256: 925da2f58bfaea934c9c92ba236743b5ec7d4b90ee9f942d20edab6798970282
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.redod
binary
MD5: 32f47d70a33504ff85a18b1a1ea84483
SHA256: b0ae37565686c82ad8a3b5e99c92a39e0f8484c3dd6203bde1f669d01bad7969
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.redod
binary
MD5: dd53057aef730b6ffc919261e8321ded
SHA256: 674a460ebe3ccdbb7484d169df3faab1545846561c396ee007a7e04bd2d588de
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.redod
binary
MD5: 97a254776f2f488a46e4e18a40bfb3a7
SHA256: b77ece56e31b215935152788b292ed10de7d1c73da4a477e26cfb60b2197bff4
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.redod
binary
MD5: be819cce08e05c2bd00097338cd28b40
SHA256: 9cc69c710c5a97eecac4e4b76fa1d1baad68e2e54dc0fbde9f817836215ee70e
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.redod
binary
MD5: 1e9fb67044322721b617e3a90991f9a7
SHA256: 4630a32f3929ffe94cd2598f546ad4a0ff90c798a57ed86de6ad6352ea935928
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.redod
binary
MD5: d388253f7aeeabc05af22037a42b5ea7
SHA256: 505b6d1fb16778fb2847afd3f9e9300702ebbcf7b042608dc89295c20a69e32e
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.redod
binary
MD5: dbdcd7a4cb3d8a89fb30983ce641c83d
SHA256: fdf08918e6ffaed19dad68531e4732caa190ba33273d4973f07431f150dd7f74
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.redod
binary
MD5: 894b26a02b3fb0f515f419e54c13ab85
SHA256: dbd12fb0c764bf23ca54179e30a51177a798a0f8b04c9f4cdcb63ee79c2bf1f7
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.redod
binary
MD5: 634b588f533769c6c95dd58e245a8ca2
SHA256: 601d0f7f2815d7fa363abfc65d9bf24bc472a43a75f446d504fccea2900abbb0
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.redod
binary
MD5: 2bcff136f032917964c8f2ab41f83289
SHA256: b403b3415ba232c42a13b6edbc8f362af584b7b4a13755cb873fc2b4140a3d75
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.redod
binary
MD5: 3152f0ed992308d2fa939edae6684c00
SHA256: 650053b052e211b48f8e8694f6787011816c519b6991b7fb4e4f51039e2eaee6
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3880
jelma.exe
C:\Users\admin\.oracle_jre_usage\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\Users\admin\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79
3880
jelma.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\REDOD-DECRYPT.txt
text
MD5: 6444289a8fce55ee8e503dd873a2605e
SHA256: fe6b3d938c99c349b1578b9138c24fbdf03c269ccbec38958e981e9042d41e79

Network activity

HTTP(S) requests: 33
TCP/UDP connections: 60
DNS requests: 27
Threats: 12

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3880 jelma.exe GET –– 78.46.77.98:80 http://www.2mmotorsport.biz/ DE
––
––
malicious
3880 jelma.exe GET 200 217.26.53.161:80 http://www.haargenau.biz/ CH
html
malicious
3880 jelma.exe POST –– 217.26.53.161:80 http://www.haargenau.biz/static/assets/sesekeda.png CH
text
––
––
malicious
3880 jelma.exe GET 200 74.220.215.73:80 http://www.bizziniinfissi.com/ US
html
malicious
3880 jelma.exe POST 404 74.220.215.73:80 http://www.bizziniinfissi.com/data/graphic/soeszumoth.png US
text
html
malicious
3880 jelma.exe GET 200 136.243.13.215:80 http://www.holzbock.biz/ DE
html
malicious
3880 jelma.exe POST 510 136.243.13.215:80 http://www.holzbock.biz/content/assets/keamka.bmp DE
text
html
malicious
3880 jelma.exe GET 301 109.234.38.95:80 http://www.fliptray.biz/ RU
html
malicious
3880 jelma.exe GET 302 192.185.159.253:80 http://www.pizcam.com/ US
––
––
malicious
3880 jelma.exe GET 301 83.138.82.107:80 http://www.swisswellness.com/ DE
––
––
malicious
3880 jelma.exe GET –– 212.59.186.61:80 http://www.hotelweisshorn.com/ CH
––
––
malicious
3880 jelma.exe POST 404 212.59.186.61:80 http://www.hotelweisshorn.com/news/pics/imdeamesdezu.jpg CH
text
html
malicious
3880 jelma.exe GET 301 83.166.138.7:80 http://www.whitepod.com/ CH
––
––
malicious
3880 jelma.exe GET 301 69.16.175.10:80 http://www.hardrockhoteldavos.com/ US
html
malicious
3880 jelma.exe GET 301 104.24.23.22:80 http://www.belvedere-locarno.com/ US
––
––
malicious
3880 jelma.exe GET 301 80.244.187.247:80 http://www.hotelfarinet.com/ GB
––
––
malicious
3880 jelma.exe GET –– 217.26.53.37:80 http://www.hrk-ramoz.com/ CH
––
––
malicious
3880 jelma.exe POST 404 217.26.53.37:80 http://www.hrk-ramoz.com/content/pictures/ruso.jpg CH
text
xml
malicious
3880 jelma.exe GET 301 212.59.186.61:80 http://www.morcote-residenza.com/ CH
––
––
malicious
3880 jelma.exe GET 301 136.243.162.140:80 http://www.seitensprungzimmer24.com/ DE
html
malicious
3880 jelma.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
3880 jelma.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DF3C24F9BFD666761B268073FE06D1CC8D4F82A4.crt US
der
whitelisted
3880 jelma.exe GET 302 213.186.33.5:80 http://www.arbezie-hotel.com/ FR
html
malicious
3880 jelma.exe GET 404 213.186.33.50:80 http://www.arbezie.com/uploads/images/fusozu.jpg FR
html
suspicious
3880 jelma.exe GET –– 217.26.55.5:80 http://www.aubergemontblanc.com/ CH
––
––
malicious
3880 jelma.exe POST –– 217.26.55.5:80 http://www.aubergemontblanc.com/includes/imgs/rumefuim.jpg CH
text
––
––
malicious
3880 jelma.exe GET 200 93.88.241.198:80 http://www.torhotel.com/ CH
html
malicious
3880 jelma.exe POST 404 93.88.241.198:80 http://www.torhotel.com/includes/tmp/hesoseke.gif CH
text
html
malicious
3880 jelma.exe GET 301 83.137.114.198:80 http://www.alpenlodge.com/ AT
––
––
malicious
3880 jelma.exe GET 301 79.170.40.230:80 http://www.aparthotelzurich.com/ GB
html
malicious
3880 jelma.exe GET 301 199.34.228.70:80 http://www.bnbdelacolline.com/ US
html
malicious
3880 jelma.exe GET 301 80.74.144.93:80 http://www.elite-hotel.com/ CH
html
malicious
3880 jelma.exe GET 302 213.186.33.17:80 http://www.bristol-adelboden.com/ FR
html
malicious

Connections

PID Process IP ASN CN Reputation

DNS requests

Domain IP Reputation

Threats

PID Process Class Message
3880 jelma.exe A Network Trojan was detected ET TROJAN [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected ET POLICY Data POST to an image file (jpg)
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity
3880 jelma.exe A Network Trojan was detected ET POLICY Data POST to an image file (gif)
3880 jelma.exe A Network Trojan was detected MALWARE [PTsecurity] Win32/GandCrab Ransomware CnC Activity

Debug output strings

Process Message
jelma.exe Minidump failed!